From the article: I had no idea this was a type of warrant that could be granted. Unfortunately the article doesn't quantify how often these are used. They instead say google's requests from law...
From the article:
The lawyer, Caleb Kenyon, dug around and learned that the notice had been prompted by a “geofence warrant,” a police surveillance tool that casts a virtual dragnet over crime scenes, sweeping up Google location data — drawn from users’ GPS, Bluetooth, Wi-Fi and cellular connections — from everyone nearby.
I had no idea this was a type of warrant that could be granted. Unfortunately the article doesn't quantify how often these are used. They instead say google's requests from law enforcement have been on the rise in general, and give percentages.
You can turn off location history in your Google account quite easily, and delete your location history. I've had it off for a several years. Google Maps works fine.
You can turn off location history in your Google account quite easily, and delete your location history. I've had it off for a several years. Google Maps works fine.
It sounds like geofence warrants also apply to cellular tower connections. That means one should be using a Faraday cage or avoid carrying a phone altogether if the goal is to avoid tracking.
It sounds like geofence warrants also apply to cellular tower connections. That means one should be using a Faraday cage or avoid carrying a phone altogether if the goal is to avoid tracking.
Sure, but since most people don't know to do that, and since Google uses dirty tricks like removing features that don't need location services when you do that, most people won't do it.
Sure, but since most people don't know to do that, and since Google uses dirty tricks like removing features that don't need location services when you do that, most people won't do it.
Yes, probably most people won't do it, but I'm saying that it is actually a practical thing to do. I vaguely remember seeing occasional nagging to turn on location services, but I haven't seen it...
Yes, probably most people won't do it, but I'm saying that it is actually a practical thing to do.
I vaguely remember seeing occasional nagging to turn on location services, but I haven't seen it in a while. Either Google Maps has gotten better about it, or I've stopped trying to do whatever it was that required it.
Well, I get cell phone service through Google Fi and I use Google Maps to check traffic and get directions a lot, so my whereabouts probably could be determined from that. But I am also mostly at...
Well, I get cell phone service through Google Fi and I use Google Maps to check traffic and get directions a lot, so my whereabouts probably could be determined from that. But I am also mostly at home; my location data is extremely boring.
And after working for Google for more than a decade, I think they know quite a lot about me anyway. :)
Maintaining good operational security for real would be totally different.
Check out the GrapheneOS project. It's a hardened variant of Android without Google tracking/apps. Sadly the developer only has the resources to support Pixel phones (with the 3, 3 XL, 3a, 3a XL...
Check out the GrapheneOS project. It's a hardened variant of Android without Google tracking/apps. Sadly the developer only has the resources to support Pixel phones (with the 3, 3 XL, 3a, 3a XL variants being the most secure).
This post is for anybody who wants information on how a Pixel 3 (any variant) with GrapheneOS stacks up against other options like an iPhone 11 or another Android ROM (custom build of Android)....
This post is for anybody who wants information on how a Pixel 3 (any variant) with GrapheneOS stacks up against other options like an iPhone 11 or another Android ROM (custom build of Android).
The rest of that Github issue is a good read too. Especially Daniel's next post about the incomplete security patching for LineageOS (the most popular Android ROM). Nearly all other custom Android projects are just as bad since they are not actually made by security or privacy-conscious developers.
Your surveillance state, working as intended! Remember folks, you have nothing to fear if you have nothing to hide. Systems like this will never be abused and everything is fine. Just keep your...
Your surveillance state, working as intended!
Remember folks, you have nothing to fear if you have nothing to hide. Systems like this will never be abused and everything is fine.
Just keep your head down and go about your business.
As messed up as this story is, I a happy something like this has happened. I feel bad for the guy, but this is pretty much going to be THE example I and, I am sure, lot's of others will use...
As messed up as this story is, I a happy something like this has happened. I feel bad for the guy, but this is pretty much going to be THE example I and, I am sure, lot's of others will use anytime anyone says 'I have nothing to hide' when it comes down to privacy.
I think this is just a very tangible example, this guy did nothing wrong except for cycling past a place, a lot of us drive around, walk around or bike around. And just because of that, he had to...
I think this is just a very tangible example, this guy did nothing wrong except for cycling past a place, a lot of us drive around, walk around or bike around. And just because of that, he had to spend so much money and it caused so many problems
This seems like the digital equivalent of seeing a police officer look at you too long and thinking "oh my God, they're after me!" And then getting a lawyer because they looked at you funny. The...
This seems like the digital equivalent of seeing a police officer look at you too long and thinking "oh my God, they're after me!" And then getting a lawyer because they looked at you funny.
The police never did anything to contact him and the only way he found out was the Google notice. Riding a bike past someone's house isn't a crime. Its unclear anyone including the police ever thought otherwise.
I think it's a bit more invasive than that. To me giving access to my personal accounts is more like having my home searched by police. Sure, they won't find anything covered by the warrant (even...
I think it's a bit more invasive than that. To me giving access to my personal accounts is more like having my home searched by police. Sure, they won't find anything covered by the warrant (even though it's possible they could find things unrelated and use them later), you're unlikely to be prosecuted without sufficient evidence (though that does happen), and in the case of a digital search it's not even a hassle like having your drawers emptied would be. It's just that it's a huge invasion of privacy based on a tiny hunch. Even if you don't end up in a police database listed under "suspects of crime", even if they don't save that data to trawl for keywords later, even if you don't run into a corrupt officer who has a beef with you and wants to make your life hell (which again, DOES happen), just the thought that you can have your virtual drawers rifled through by jack booted thugs is unsettling just on the basic premise.
The court order is compelling google to hand over your personal emails, location history, possibly financial data, tax returns, bank details, and every important document you have saved to any google service, to be rifled through with very little oversight. It's unclear what protections there are in place to safeguard that data and ensure it gets deleted or can't be accessed later. My assumption is there are none, that data will be stored in a database of suspects and ten years from now your ex girlfriend's cop friend can dig up gigabytes of private emails and hand it to them on a USB drive to dig through for personal dirt.
the whole quote of 'you have nothing to fear if you have nothing to hide' for me goes back to when the patriot act was authorized. more self rights gone by the day
the whole quote of 'you have nothing to fear if you have nothing to hide' for me goes back to when the patriot act was authorized.
There have been other cases, including this very concerning example where a man was jailed on an erroneous circumstantial suspicion of murder. One thing we need to be aware of in discussing...
There have been other cases, including this very concerning example where a man was jailed on an erroneous circumstantial suspicion of murder.
One thing we need to be aware of in discussing geofence dragnet searches is that law enforcement is essentially farming out the unconstitutional dragnet part of the search to Google. If the courts had any technological sophistication, geofence warrants wouldn't be granted at all.
Google has the ability to search everyone in its Sensorvault database, and hands over the "probable cause"-worthy matches to the police. Even though the instantaneous match/no-match database check doesn't physically intrude on your life, your personal location history might have been searched.
It's unlikely the framers of the Constitution gave consideration to the construction of a database query.
Yet there's a substantial difference between "starting at location x, during time y, return all beacon IDs", and "search everyone for presence near location x during time y, and return matching beacon IDs". We don't know how the searches are actually conducted. Even in the narrowly specific first case, mere presence is made suspect in a way that real-life investigation and witnesses would avoid.
Having a private company do the bad thing on behalf of law enforcement doesn't make it better; it makes it worse, because the public has little ability to give specific consent or hold Google accountable for abuse and errors.
The process is ridiculously susceptible to false positives, and these days, only the dumbest of criminals would bring their phone to the scene of a planned crime.
Edit: Here's another example, where an entire community was "fenced" for search.
From the article:
I had no idea this was a type of warrant that could be granted. Unfortunately the article doesn't quantify how often these are used. They instead say google's requests from law enforcement have been on the rise in general, and give percentages.
Sounds like the solution, if you're a criminal, is to just not use Android or any Google services. That's pretty easy if you have an iPhone!
You can turn off location history in your Google account quite easily, and delete your location history. I've had it off for a several years. Google Maps works fine.
It sounds like geofence warrants also apply to cellular tower connections. That means one should be using a Faraday cage or avoid carrying a phone altogether if the goal is to avoid tracking.
Sure, but since most people don't know to do that, and since Google uses dirty tricks like removing features that don't need location services when you do that, most people won't do it.
Yes, probably most people won't do it, but I'm saying that it is actually a practical thing to do.
I vaguely remember seeing occasional nagging to turn on location services, but I haven't seen it in a while. Either Google Maps has gotten better about it, or I've stopped trying to do whatever it was that required it.
you dont think they still track you?
Well, I get cell phone service through Google Fi and I use Google Maps to check traffic and get directions a lot, so my whereabouts probably could be determined from that. But I am also mostly at home; my location data is extremely boring.
And after working for Google for more than a decade, I think they know quite a lot about me anyway. :)
Maintaining good operational security for real would be totally different.
Yep, that's true. But every company you remove from the equation improves the situation.
Check out the GrapheneOS project. It's a hardened variant of Android without Google tracking/apps. Sadly the developer only has the resources to support Pixel phones (with the 3, 3 XL, 3a, 3a XL variants being the most secure).
This post is for anybody who wants information on how a Pixel 3 (any variant) with GrapheneOS stacks up against other options like an iPhone 11 or another Android ROM (custom build of Android).
The developer of GrapheneOS, Daniel Micay (@thestinger on github) compares a Pixel 3(a) with GrapheneOS against an iPhone 11: https://github.com/privacytoolsIO/privacytools.io/issues/832#issuecomment-489236848
The rest of that Github issue is a good read too. Especially Daniel's next post about the incomplete security patching for LineageOS (the most popular Android ROM). Nearly all other custom Android projects are just as bad since they are not actually made by security or privacy-conscious developers.
Techlore did an overview video of GrapheneOS as a project and what to expect for day-to-day usage. He also did an installation walkthrough video.
Your surveillance state, working as intended!
Remember folks, you have nothing to fear if you have nothing to hide. Systems like this will never be abused and everything is fine.
Just keep your head down and go about your business.
As messed up as this story is, I a happy something like this has happened. I feel bad for the guy, but this is pretty much going to be THE example I and, I am sure, lot's of others will use anytime anyone says 'I have nothing to hide' when it comes down to privacy.
I think this is just a very tangible example, this guy did nothing wrong except for cycling past a place, a lot of us drive around, walk around or bike around. And just because of that, he had to spend so much money and it caused so many problems
This seems like the digital equivalent of seeing a police officer look at you too long and thinking "oh my God, they're after me!" And then getting a lawyer because they looked at you funny.
The police never did anything to contact him and the only way he found out was the Google notice. Riding a bike past someone's house isn't a crime. Its unclear anyone including the police ever thought otherwise.
I think it's a bit more invasive than that. To me giving access to my personal accounts is more like having my home searched by police. Sure, they won't find anything covered by the warrant (even though it's possible they could find things unrelated and use them later), you're unlikely to be prosecuted without sufficient evidence (though that does happen), and in the case of a digital search it's not even a hassle like having your drawers emptied would be. It's just that it's a huge invasion of privacy based on a tiny hunch. Even if you don't end up in a police database listed under "suspects of crime", even if they don't save that data to trawl for keywords later, even if you don't run into a corrupt officer who has a beef with you and wants to make your life hell (which again, DOES happen), just the thought that you can have your virtual drawers rifled through by jack booted thugs is unsettling just on the basic premise.
The court order is compelling google to hand over your personal emails, location history, possibly financial data, tax returns, bank details, and every important document you have saved to any google service, to be rifled through with very little oversight. It's unclear what protections there are in place to safeguard that data and ensure it gets deleted or can't be accessed later. My assumption is there are none, that data will be stored in a database of suspects and ten years from now your ex girlfriend's cop friend can dig up gigabytes of private emails and hand it to them on a USB drive to dig through for personal dirt.
Definitely. It's unlikely he's the first, or the last....just the first that got media attention.
the whole quote of 'you have nothing to fear if you have nothing to hide' for me goes back to when the patriot act was authorized.
more self rights gone by the day
There have been other cases, including this very concerning example where a man was jailed on an erroneous circumstantial suspicion of murder.
One thing we need to be aware of in discussing geofence dragnet searches is that law enforcement is essentially farming out the unconstitutional dragnet part of the search to Google. If the courts had any technological sophistication, geofence warrants wouldn't be granted at all.
Google has the ability to search everyone in its Sensorvault database, and hands over the "probable cause"-worthy matches to the police. Even though the instantaneous match/no-match database check doesn't physically intrude on your life, your personal location history might have been searched.
It's unlikely the framers of the Constitution gave consideration to the construction of a database query.
Yet there's a substantial difference between "starting at location x, during time y, return all beacon IDs", and "search everyone for presence near location x during time y, and return matching beacon IDs". We don't know how the searches are actually conducted. Even in the narrowly specific first case, mere presence is made suspect in a way that real-life investigation and witnesses would avoid.
Having a private company do the bad thing on behalf of law enforcement doesn't make it better; it makes it worse, because the public has little ability to give specific consent or hold Google accountable for abuse and errors.
The process is ridiculously susceptible to false positives, and these days, only the dumbest of criminals would bring their phone to the scene of a planned crime.
Edit: Here's another example, where an entire community was "fenced" for search.